Commit Graph

2789 Commits (730f351e59960685e1ed7d7f56ef0be3fe90e8e7)
 

Author SHA1 Message Date
Sébastien Han 73cf0378c2 docker: osd, do not use priviledged container anymore
Oh yeah! This patch adds more fine grained control on how we run the
activation osd container. We now use --device to give a read, write and
mknodaccess to a specific device to be consumed by Ceph. We also use
SYS_ADMIN cap to allow mount operations, ceph-disk needs to temporary
mount the osd data directory during the activation sequence.

This patch also enables the support of dedicated journal devices when
deploying ceph-docker with ceph-ansible.

Depends on https://github.com/ceph/ceph-docker/pull/478

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:54:36 -05:00
Sébastien Han a002508a91 purge-docker: also purge journal devices
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:54:36 -05:00
Sébastien Han dd548c6034 docker: osd, do not skip on failure
If the systemd unit file can not be generated we should fail, same for
systemd enable and reload.

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 15:54:36 -05:00
Sébastien Han 661a9d0cdf Merge pull request #1315 from ceph/rolling-update-tests
adds a testing scenario for rolling updates
2017-02-21 15:53:57 -05:00
Andrew Schoen f3a1c6464c update group_vars sample for rolling_update variable
Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:36:54 -06:00
Andrew Schoen 6cf842eb39 ceph-common: remove infernalis comment on radosgw_civetweb_port
As of Infernalis, the Ceph daemons run as an unprivileged "ceph" UID,
and this is by design.

Commit f19b765 altered the default
civetweb port from 80 to 8080 with a comment in the commit log about
"until this gets solved"

Remove the comment about permissions on Infernalis, because this is
always going to be the case on the Ceph versions we support, and it
is just confusing.

If users want to expose civetweb to s3 clients using privileged TCP
ports, they can redirect traffic with iptables, or use a reverse proxy
application like HAproxy.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:35:00 -06:00
Andrew Schoen 0cdc6fb79a tests: adds a new ansible2.2-update_dmcrypt scenario
This performs a rolling update on a cluster using dmcrypt dedicated
journals.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:31:27 -06:00
Andrew Schoen 5622c94e8b rolling-update: do not use upstart to stop mons when using systemd
Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:31:26 -06:00
Andrew Schoen 1579642e3f ceph-common: do not get current fsid when performing a rolling_update
This avoids a situation where during a rolling_update we try to talk to
a mon to get the fsid and if that mon is down the playbook hangs
indefinitely.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:31:26 -06:00
Andrew Schoen 920bd9cf2d ceph-common: use yum_repository when adding the ceph_stable repo
This gives us more flexibility than installing the ceph-release package
as we can easily use different mirrors. Also, I noticed an issue when
upgrading from jewel -> kraken as the ceph-release package for those
releases both have the same version number and yum doesn't know to
update anything.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-21 12:31:26 -06:00
Sébastien Han 5d8174b1ef Merge pull request #1324 from ktdreyer/rm-civetweb-port-comment
group_vars: rm Infernalis comment
2017-02-21 13:28:16 -05:00
Ken Dreyer 4db4de52b0 group_vars: rm Infernalis comment
As of Infernalis, the Ceph daemons run as an unprivileged "ceph" UID,
and this is by design.

Commit f19b765f79 altered the default
civetweb port from 80 to 8080 with a comment in the commit log about
"until this gets solved"

Remove the comment about permissions on Infernalis, because this is
always going to be the case on the Ceph versions we support, and it
is just confusing.

If users want to expose civetweb to s3 clients using privileged TCP
ports, they can redirect traffic with iptables, or use a reverse proxy
application like HAproxy.
2017-02-21 10:05:49 -07:00
Sébastien Han acd4432f16 Merge pull request #1325 from ceph/ipv6-rgw-doc
Ipv6 rgw doc
2017-02-21 12:02:06 -05:00
Sébastien Han 9e7fbbd6c5 docker-common: sync group_vars file
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 12:01:08 -05:00
Sébastien Han effefe91d5 common: add doc for rgw on ipv6
See: https://bugzilla.redhat.com/show_bug.cgi?id=1424799

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-21 12:00:37 -05:00
Sébastien Han 5915daf0e0 Merge pull request #1322 from ceph/fix-transparent-page
common: fix "disable transparent hugepage"
2017-02-21 09:34:30 -05:00
WingKai Ho 421d1a2853 Update ceph_keys.yml
jewel version need to build the {{ cluster }}.client.admin.keyring exists key
2017-02-21 09:49:52 +08:00
Sébastien Han 7c79e09424 common: fix "disable transparent hugepage"
To configure kernel the task is using "command" module which is not
respect operator ">". So this task just print to "stdout": "never >
/sys/kernel/mm/transparent_hugepage/enabled"

fix: #1319

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-20 17:07:53 -05:00
Sébastien Han adb85530b7 Merge pull request #1316 from zhsj/fix-osd-id
fix grep match pattern for osd ids
2017-02-20 16:57:14 -05:00
Shengjing Zhu 32923fd217 fix grep match pattern for osd ids
Some playbooks use [0-9]*, others use \d+$
The latter is more correct since cluster name may contain numbers.

Signed-off-by: Shengjing Zhu <zsj950618@gmail.com>
2017-02-20 16:35:56 +08:00
Sébastien Han 95bece97e5 Merge pull request #1313 from ceph/docker-systemd-units
docker: homogenise systemd file location
2017-02-16 20:02:13 +01:00
Sébastien Han cc769464d0 docker: homogenise systemd file location
So unit files were stored in /var/lib/ceph some where in
/etc/systemd/system. Now they are all under /etc/systemd/system.

closes: #1296

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-16 18:31:32 +01:00
Andrew Schoen a81b40eb6f Merge pull request #1311 from ceph/BZ-1414647
purge-cluster: also purge dmcrypt dedicated journals
2017-02-15 11:57:09 -06:00
Andrew Schoen 22f52a9dc6 purge-cluster: also purge dmcrypt dedicated journals
See: https://bugzilla.redhat.com/show_bug.cgi?id=1414647

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-15 10:27:17 -06:00
Sébastien Han d82dc96d57 Merge pull request #1307 from ceph/rgw-configure
rgw-standalone.yml will also now collect keys
2017-02-15 10:52:38 +01:00
Andrew Schoen 3964929a56 rgw-standalone: also fetch keys from mons
This is to allow for ceph-installer usage of this playbook and
to ensure that you have the correct keys locally when bootstrapping.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-14 16:12:59 -06:00
Andrew Schoen be4cffe782 Merge pull request #1306 from ceph/BZ-1422134
purge-cluster: remove calamari-server package
2017-02-14 12:29:54 -06:00
Andrew Schoen c5f561a4e9 purge-cluster: remove calamari-server package
See: https://bugzilla.redhat.com/show_bug.cgi?id=1422134

Signed-off-by: Andrew Schoen <aschoen@redhat.com>

Resolves rhbz#1422134
2017-02-14 09:24:02 -06:00
Sébastien Han 978093d843 Merge pull request #1304 from guits/fix_1300
Skip facts_mon_fsid.yml if cephx is disabled
2017-02-11 13:14:07 +01:00
Andrew Schoen c5a5658e09 Merge pull request #1301 from guits/fix_1294
Check if ceph_conf_overrides.global is defined before calling it
2017-02-10 10:20:14 -06:00
Andrew Schoen 94ac749918 Merge pull request #1302 from ceph/docker-pull
docker: use a better method to pull images
2017-02-10 10:18:37 -06:00
Guillaume Abrioux 11bae8b252 Skip facts_mon_fsid.yml if cephx is disabled
If cephx is disabled it is not necessary to include `facts_mon_fsid.yml`
in `roles/ceph-common/tasks/facts.yml`.

Fix: #1300
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-02-10 17:04:32 +01:00
Andrew Schoen 315b1bf702 Merge pull request #1305 from guits/quick_fix
bugfix: Add missing conditions for kraken release
2017-02-10 10:02:10 -06:00
Guillaume Abrioux e63631a4ab bugfix: Add missing conditions for kraken release
76ddcbc introduced an issue by removing some needed conditions on tasks
that need to be run only on release >= kraken.
2017-02-10 15:14:54 +01:00
Guillaume Abrioux 4295d427b9 Check if ceph_conf_overrides.global is defined before calling it
Expand the fix in #1291 to all the playbook in order to get a full coverage.

Fix: #1294
Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-02-09 20:28:58 +01:00
Sébastien Han c2f1dca823 docker: use a better method to pull images
We changed the way we declare image.
Prior to this patch we must have a "user/image:tag"
format, which is incompatible with non docker-hub registry where you
usually don't have a "user". On the docker hub a "user" is also
identified as a namespace, so for Ceph the user was "ceph".

Variables have been simplified with only:

* ceph_docker_image
* ceph_docker_image_tag

1. For docker hub images: ceph_docker_name: "ceph/daemon" will give
you the 'daemon' image of the 'ceph' user.

2. For non docker hub images: ceph_docker_name: "daemon" will simply
give you the "daemon" image.

Infrastructure playbooks have been modified as well.
The file group_vars/all.docker.yml.sample has been removed as well.
It is hard to maintain since we have to generate it manually. If
you want to configure specific variables for a specific daemon simply
edit group_vars/$DAEMON.yml

Fixes: https://bugzilla.redhat.com/show_bug.cgi?id=1420207
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-09 17:57:18 +01:00
Andrew Schoen 5ddfc4f85c Merge pull request #1284 from ceph/BZ-1418980
purge-cluster: do not use ceph-detect-init
2017-02-08 08:46:03 -06:00
Andrew Schoen 4ff5908758 Merge pull request #1289 from ceph/fix-1286
rolling-update: detect init system properly
2017-02-08 06:31:30 -06:00
Andrew Schoen 865b4500dc purge-cluster: set a default value for fetch_directory if not defined
Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-08 06:25:43 -06:00
Andrew Schoen adf6aee643 purge-cluster: remove all include tasks
Including variables from role defaults or files in a group_vars
directory relative to the playbook is a bad practice. We don't want to
do this because including these defaults at the task level overrides
values that would be set in a group_vars directory relative to the
inventory file, which is the correct usage if you wish to override
those default values.

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-08 06:25:43 -06:00
Andrew Schoen 0476b24af1 purge-cluster: do not use ceph-detect-init
We can not always ensure that ceph-detect-init will be
present on the system.

See: https://bugzilla.redhat.com/show_bug.cgi?id=1418980

Signed-off-by: Andrew Schoen <aschoen@redhat.com>
2017-02-08 06:24:44 -06:00
Sébastien Han 0617f92df5 Merge pull request #1291 from guits/quick_fix
ceph-mon: Fix bug #1242
2017-02-08 11:46:31 +01:00
Guits df162a61b1 ceph-mon: Fix bug #1242
We shouldn't test directly the value of
`ceph_conf_overrides.global.osd_pool_default_pg_num` because this can
cause the playbook to fail if the key `global` is not present in
`ceph_conf_overrides`. Therefore we have to use the facts that have been
defined earlier.

Fix: #1242

Signed-off-by: Guillaume Abrioux <gabrioux@redhat.com>
2017-02-08 10:46:46 +01:00
Sébastien Han a52228fa43 Merge pull request #1281 from ceph/purge-ceph-detect-init
purge: ability to purge client role
2017-02-08 10:34:56 +01:00
Sébastien Han 98fd05fa41 Merge pull request #1290 from zhsj/ceph-mirror
add ceph_mirror variable
2017-02-08 09:04:50 +01:00
Sébastien Han 8f94bfb498 rolling-update: detect init system properly
Simply use the ansible_service_mgr fact.

Closes: #1286

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-08 08:52:05 +01:00
Shengjing Zhu 7e10b0325b add ceph_mirror variable
Closes: #1282

Signed-off-by: Shengjing Zhu <zsj950618@gmail.com>
2017-02-08 13:13:31 +08:00
Sébastien Han c34d0a9d28 purge-docker: force image deletion
even if non-runnin containers are using this image as a reference.

Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-07 22:14:21 +01:00
Sébastien Han 72cd9199ac purge: ability to purge client role
Signed-off-by: Sébastien Han <seb@redhat.com>
2017-02-07 22:14:18 +01:00
Sébastien Han 1b58afce7f Merge pull request #1285 from ceph/BZ-1419814
ceph-common: set ms bind ipv6 = true in ceph.conf when using ipv6
2017-02-07 22:12:44 +01:00